As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

ATTENTION: Exploitable remotely/Low attack complexity

Equipment: Busybox Applet affecting SCALANCE and RUGGEDCOM products

Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Improper Locking, Improper Input Validation, NULL Pointer Dereference, Out-of-bounds Read, Release of Invalid Pointer or Reference, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Resource Shutdown or Release, Race Condition, Uncaught Exception, Integer Underflow (Wrap or Wraparound), Classic Buffer Overflow, Double Free, Incorrect Authorization, Allocation of Resources Without Limits or Throttling, Improper Validation of Syntactic Correctness of Input

Successful exploitation of these vulnerabilities could allow an attacker to inject code or cause a denial-of-service condition.

The following software from Siemens is affected:

SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions prior to v7.2
SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions prior to v7.2
SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions prior to v7.2
SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions prior to v7.2
SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to v7.2